Fastest Way to Serve a File Using PHP

by

My previous answer was partial and not well documented, here is an update with a summary of the solutions from it and from others in the discussion.

The solutions are ordered from best solution to worst but also from the solution needing the most control over the web server to the one needing the less. There don’t seem to be an easy way to have one solution that is both fast and work everywhere.

Using the X-SendFile header

As documented by others it’s actually the best way. The basis is that you do your access control in php and then instead of sending the file yourself you tell the web server to do it.

The basic php code is :

header("X-Sendfile: $file_name");
header("Content-type: application/octet-stream");
header('Content-Disposition: attachment; filename="' . basename($file_name) . '"');

Where $file_name is the full path on the file system.

The main problem with this solution is that it need to be allowed by the web server and either isn’t installed by default (apache), isn’t active by default (lighttpd) or need a specific configuration (nginx).

Apache

Under apache if you use mod_php you need to install a module called mod_xsendfile then configure it (either in apache config or .htaccess if you allow it)

XSendFile on
XSendFilePath /home/www/example.com/htdocs/files/

With this module the file path could either be absolute or relative to the specified XSendFilePath.

Lighttpd

The mod_fastcgi support this when configured with 

"allow-x-send-file" => "enable"

The documentation for the feature is on the lighttpd wiki they document the X-LIGHTTPD-send-file header but the X-Sendfile name also work

Nginx

On Nginx you can’t use the X-Sendfile header you must use their own header that is named X-Accel-Redirect. It is enabled by default and the only real difference is that it’s argument should be an URI not a file system. The consequence is that you must define a location marked as internal in your configuration to avoid clients finding the real file url and going directly to it, their wiki contains a good explanation of this.

Symlinks and Location header

You could use symlinks and redirect to them, just create symlinks to your file with random names when an user is authorized to access a file and redirect the user to it using:

header("Location: " . $url_of_symlink);

Obviously you’ll need a way to prune them either when the script to create them is called or via cron (on the machine if you have access or via some webcron service otherwise)

Under apache you need to be able to enable FollowSymLinks in a .htaccess or in the apache config.

Access control by IP and Location header

Another hack is to generate apache access files from php allowing the explicit user IP. Under apache it mean using mod_authz_host (mod_access) Allow from commands.

The problem is that locking access to the file (as multiple users may want to do this at the same time) is non trivial and could lead to some users waiting a long time. And you still need to prune the file anyway.

Obviously another problem would be that multiple people behind the same IP could potentially access the file.

When everything else fail

If you really don’t have any way to get your web server to help you, the only solution remaining is readfile it’s available in all php versions currently in use and work pretty well (but isn’t really efficient).

Combining solutions

In fine, the best way to send a file really fast if you want your php code to be usable everywhere is to have a configurable option somewhere, with instructions on how to activate it depending on the web server and maybe an auto detection in your install script.

It is pretty similar to what is done in a lot of software for

  • Clean urls (mod_rewrite on apache)
  • Crypto functions (mcrypt php module)
  • Multibyte string support (mbstring php module)

More Related Contents:

  1. Save form data to .txt file [closed]
  2. Preferred method to store PHP arrays (json_encode vs serialize)
  3. List of Big-O for PHP functions
  4. How can I measure the speed of code written in PHP? [closed]
  5. Performance of foreach, array_map with lambda and array_map with static function
  6. Speed difference in using inline strings vs concatenation in php5?
  7. Opening/closing tags & performance?
  8. Why is require_once so bad to use?
  9. Speed difference in using inline strings vs concatenation in php5?
  10. What is the best way to read last lines (i.e. “tail”) from a file using PHP?
  11. In PHP (>= 5.0), is passing by reference faster?
  12. How to clear APC cache entries?
  13. Using X-Sendfile with Apache/PHP
  14. Getting HTTP code in PHP using curl
  15. How to copy a file from one directory to another using PHP?
  16. Which is Faster and better, Switch Case or if else if?
  17. Will enabling XDebug on a production server make PHP slower?
  18. Efficiently pick n random elements from PHP array (without shuffle)
  19. What is the fastest XML parser in PHP?
  20. PHP Case Insensitive Version of file_exists()
  21. Why is calling a function (such as strlen, count etc) on a referenced value so slow?
  22. Overwrite Line in File with PHP
  23. Is PHP’s count() function O(1) or O(n) for arrays?
  24. Advantages / Disadvantages of pconnect option in CodeIgniter
  25. for loop vs while loop vs foreach loop PHP
  26. SQL & PHP – Which is faster mysql_num_rows() or ‘select count()’?
  27. How does array_diff work?
  28. MySQL Stored Procedure vs. complex query
  29. Limit download speed using PHP
  30. Safe alternatives to PHP Globals (Good Coding Practices)

Leave a Comment